Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Relay settings (MTA mode)

You can allow Sophos Firewall to act as an outbound mail relay for hosts in the network and an inbound relay for emails from upstream hosts. You can enforce user authentication to use the relay.

Host-based relay

Allow relay from hosts/networks: Hosts and networks that can use Sophos Firewall as a mail relay.

Warning

Don't select Any. It results in an open relay, allowing anyone on the internet to send emails through Sophos Firewall.

Note

If the IP addresses that you’ve allowed for host-based relay fail to scan, Sophos Firewall will reject them.

Block relay from hosts/networks: Hosts and networks to be blocked.

Note

For hosts and networks appearing in both allow and block lists, Sophos Firewall allows the relay.

Upstream host

Allow relay from hosts/networks: Upstream hosts and networks to allow inbound emails from, for example, ISP or external MX.

Block relay from hosts/networks: Upstream hosts and networks to block inbound emails from.

Note

For hosts and networks appearing in both allow and block lists, Sophos Firewall allows the relay.

Authenticated relay settings

Enable authenticated relay: Select to require authentication of users and groups to use Sophos Firewall as a mail relay.

Users and groups: Specify the users and groups who require authentication.

Note

Sophos Firewall doesn't support the RFC standard for SMTP Authentication.